Information Security Specialist
Nairobi, Kenya
One Acre Fund
About One Acre Fund
Founded in 2006, One Acre Fund equips 5.5 million smallholder farmers to make their farms more productive. Across nine countries that together are home to two-thirds of Africa's farmers, we provide high-quality farm supplies, tree seedlings, accessible credit, modern agronomic training, and a wide range of other agricultural services. On average, this model enables any farmer to increase their income and assets on supported land by more than 35 percent, while permanently improving their resilience. This is all made possible by our team of 9,000+ full-time staff, drawn from diverse backgrounds and professions.
To learn more, please see our Why Work Here blog post.
About the Role
The Information Security team at One Acre Fund safeguards systems and data across a diverse, distributed, and technology-driven environment. As an Information Security Specialist, you will help maintain and improve our security operations. This role is ideal for someone with hands-on cybersecurity experience who is eager to work across cloud infrastructure, applications, and devices — helping us proactively manage threats and improve our security posture.
The department is looking for an Information Security Specialist with 2–4 years of experience to support and strengthen security operations across our systems, applications, and infrastructure. You will report to the Head of Information Security.
Responsibilities
- Implement and maintain security tools and processes, including SIEM platforms, vulnerability scanners, and endpoint protection systems.
- Conduct regular vulnerability assessments, penetration testing (VAPT), and support remediation tracking across infrastructure and applications.
- Monitor security alerts from systems such as SIEM platforms, cloud services, and administrative consoles; triage potential incidents and coordinate appropriate incident response efforts.
- Support IAM processes, including user access reviews and recertifications.
- Collaborate with IT and engineering teams to secure systems, applications, and cloud environments through technical advice and configuration reviews.
- Roll out security awareness programs, including phishing simulations, training campaigns, and content development.
- Help roll out security awareness programs, including phishing simulations and training.
- Keep documentation, tool configurations, and asset inventories accurate and up-to-date.
- Contribute to improvements in automation, monitoring, and process optimization.
Career Growth and Development
We have a strong culture of constant learning and we invest in developing our people. You’ll have weekly check-ins with your manager, access to mentorship and training programs, and regular feedback on your performance. We hold career reviews every six months, and set aside time to discuss your aspirations and career goals. You’ll have the opportunity to shape a growing organization and build a rewarding long-term career.
Qualifications
Across all roles, these are the general qualifications we look for. For this role specifically, you will have:
- 2–4 years of hands-on experience in Information Security or Cybersecurity.
- Familiarity with vulnerability scanning, penetration testing tools, and threat detection platforms (e.g., Rapid7 InsightVM, OpenVAS (Greenbone), Burp Suite, Splunk, LogRhythm).
- Proven expertise in conducting vulnerability assessments and penetration testing to identify and remediate security weaknesses.
- Understanding of cybersecurity principles across application, endpoint, cloud, and network security domains.
- Knowledge of frameworks such as NIST CSF, CIS Controls, or ISO 27001.
- Experience monitoring and analyzing security alerts; ability to respond to and document incidents.
- Familiarity with IAM concepts, including access reviews and role-based access control.
- Basic scripting or automation skills (e.g., Python, Bash).
- Strong communication and collaboration skills, especially when working with technical and non-technical teams.
- Relevant certifications such as:
  - CompTIA Security+
  - Certified Ethical Hacker (CEH)
  - GIAC Security Essentials (GSEC) or equivalent
Preferred Start Date
As soon as possible
Job Location
Nairobi, Kenya
Benefits
Health insurance, paid time off
Eligibility
This role is only open to citizens or permanent residents of Kenya.
Application Deadline
28 July 2025. Please note that we hire on a rolling basis which means that applications are reviewed and processed on a continuous basis until a hire is made.
One Acre Fund never asks candidates to pay any money or pay for tests at any stage of the interview process. Official One Acre Fund emails will always arrive from an @oneacrefund.org address. Please report any suspicious communication here (globalhotline@oneacrefund.org), but do not send applications or application materials to this email address.
Diversity, Equity, Inclusion (DEI), and anti-racism are deeply connected to our organization’s mission and purpose. One Acre Fund aspires to build a culture where all staff feel consistently valued, represented, and connected – so that our team can thrive as professionals, and achieve exceptional impact for the farmers we serve.
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, marital status, disability, gender, gender identity or expression. We are proud to be an equal opportunity workplace.